Operating System - HP-UX

cannot able to find process

satheeshnp
Advisor

cannot able to find process

Hi,

From the firewall team, I got a message that my Unix server is trying to ping another server continuously and the firewall is denying it.

He asked me to kill that process.

I can't trace that. How will I trace the ping process? I have killed all the sessions; now only the console is there. How do I kill that process?
Torsten.
Acclaimed Contributor

Re: cannot able to find process

It may help if you ask the network expert what the destination IP of the ping is - this may help to find the "ping" process (likely initiated from an application or script - not continuously running).

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.

__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Hakki Aydin Ucar
Honored Contributor

Re: cannot able to find process

Maybe you can also use the native HP tool, nettl:
HP-UX provides the nettl command to perform network tracing and logging.
For more:
man nettl

satheeshnp
Advisor

Re: cannot able to find process

I have got the destination IP also.

He shared the logs with me. Attached here.
Matti_Kurkela
Honored Contributor
Solution

Re: cannot able to find process

If I'm reading the log correctly, the message is ICMP type 3, code 3. That is *NOT* a ping: it is a "Port unreachable" message. See the official table by Internet Assigned Numbers Authority:

http://www.iana.org/assignments/icmp-parameters

Ping (or "ICMP Echo") would be type 8, code 0; a ping response (also known as "pong" or "ICMP Echo Reply") is type 0, code 0.

So, the "Port unreachable" message the firewall is blocking is sent from IP address 172.17.162.176 to IP address 172.20.117.175. In effect, .176 is telling .175: "No, I don't have the service you're trying to reach. Please stop trying."

That means the system 172.20.117.175 is again and again trying to access some port on the 172.17.162.176 system. If, as you said, you've stopped all applications and ended all sessions on .176, then there are no network services running, and all connection attempts to the .176 will be rejected with similar ICMP messages (or in the case of TCP protocol, with TCP RESET packets).

The "Port unreachable" messages are sent by the OS kernel. Sending them is a very low-priority task: if the system is busy with more important tasks, the "Port unreachable" messages would be delayed or not sent at all. But if you have stopped everything on .176, the kernel doesn't have anything more important to do...

You should examine the 172.20.117.175 system to try and find out what service it's trying to access on .176. Once you find and make it stop its useless attempts, the ICMP messages will stop too.

To see what port the .175 system is trying to access, you might have to use nettl (as Hakki suggested) to dump the incoming traffic on .176 and find the port numbers from the dump. The destination port number will often (but not always) identify the service: once you know that, you might be able to figure out which process on .175 is trying to reach that service on .176.

Alternatively, if you have the free (and very useful) lsof tool installed on .175, you might be able to identify the process by running "lsof -i :" on .175 (replace with the actual port number you see in the traffic dump).

MK
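
An added example, not part of the post above: per RFC 792, a Destination Unreachable message quotes the IP header and first 8 bytes of the packet that triggered it, so the port .175 is trying to reach can be read from the blocked ICMP message itself. The parser and the sample packet (UDP, source port 40000, destination port 5000, zeroed checksums) are constructed for illustration; only the two IP addresses come from the thread.

```python
import struct

# ICMP (type, code) pairs named in the thread, per the IANA ICMP parameters table.
ICMP_NAMES = {
    (8, 0): "Echo Request (ping)",
    (0, 0): "Echo Reply",
    (3, 3): "Destination Unreachable: Port unreachable",
}

def ip4(raw):
    return ".".join(str(octet) for octet in raw)

def parse_icmp(icmp):
    """Classify an ICMP message; for type 3, recover the quoted original packet."""
    if len(icmp) < 8:
        raise ValueError("an ICMP header is 8 bytes")
    mtype, code = icmp[0], icmp[1]
    info = {"type": mtype, "code": code,
            "name": ICMP_NAMES.get((mtype, code), "other")}
    if mtype != 3:
        return info
    quoted = icmp[8:]                      # original IP header + 8 data bytes
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        return info                        # truncated or not IPv4
    ihl = (quoted[0] & 0x0F) * 4           # IP header length in bytes
    if ihl < 20 or len(quoted) < ihl + 4:
        return info
    info["orig_src"] = ip4(quoted[12:16])  # host that sent the rejected packet
    info["orig_dst"] = ip4(quoted[16:20])  # host that answered "unreachable"
    info["orig_proto"] = quoted[9]
    if quoted[9] in (6, 17):               # TCP or UDP: ports come first
        sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
        info["orig_sport"], info["orig_dport"] = sport, dport
    return info

def build_sample():
    """Constructed sample: .176 rejects a UDP packet from .175 to port 5000."""
    src = bytes([172, 20, 117, 175])
    dst = bytes([172, 17, 162, 176])
    udp = struct.pack("!HHHH", 40000, 5000, 8, 0)
    iph = struct.pack("!BBHHHBBH", 0x45, 0, 28, 0, 0, 64, 17, 0) + src + dst
    return struct.pack("!BBHI", 3, 3, 0, 0) + iph + udp

if __name__ == "__main__":
    print(parse_icmp(build_sample()))
```

The `orig_dport` value is the port to pass to lsof on the sending host.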
satheeshnp
Advisor

Re: cannot able to find process

Hi,

You are a genius. I will try to find it and stop it.

Even the network guy who is working in my team doesn't know this stuff.

Thanks. I will check it.